Huge Security Hole with wp-admin?
I just registered new test accounts on my BuddyPress site and after I get the email activations and log in, I can log in to wp-admin with these “subscriber” accounts and change EVERYTHING on the back-end!
I look at user roles and they are still “subscribers” but the bar at the top says “Hi admin! You’re logged in as a site administrator.” What is going on here?! I know I installed BuddyPress correctly.
Using WPMU 2.7.1, BuddyPress 1.0 and BBPress alpha 6.